From 4bfa5e7de8f6b80c3206995ed887eca43d9ec3fc Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Sun, 26 Jul 2020 11:13:36 -0400 Subject: [PATCH 1/2] Banned users can't vote --- src/routes/voteOnSponsorTime.js | 1 + test/cases/voteOnSponsorTime.js | 29 +++++++++++++++++++++++++---- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/src/routes/voteOnSponsorTime.js b/src/routes/voteOnSponsorTime.js index 0b75b49..f664d40 100644 --- a/src/routes/voteOnSponsorTime.js +++ b/src/routes/voteOnSponsorTime.js @@ -249,6 +249,7 @@ async function voteOnSponsorTime(req, res) { // Only change the database if they have made a submission before and haven't voted recently let ableToVote = isVIP || (db.prepare("get", "SELECT userID FROM sponsorTimes WHERE userID = ?", [nonAnonUserID]) !== undefined + && privateDB.prepare("get", "SELECT userID FROM shadowBannedUsers WHERE userID = ?", [nonAnonUserID]) === undefined && privateDB.prepare("get", "SELECT UUID FROM votes WHERE UUID = ? AND hashedIP = ? AND userID != ?", [UUID, hashedIP, userID]) === undefined); if (ableToVote) { diff --git a/test/cases/voteOnSponsorTime.js b/test/cases/voteOnSponsorTime.js index c1776f6..1ce4b7c 100644 --- a/test/cases/voteOnSponsorTime.js +++ b/test/cases/voteOnSponsorTime.js @@ -1,7 +1,7 @@ -var request = require('request'); -var db = require('../../src/databases/databases.js').db; -var utils = require('../utils.js'); -var getHash = require('../../src/utils/getHash.js') +const request = require('request'); +const { db, privateDB } = require('../../src/databases/databases.js'); +const utils = require('../utils.js'); +const getHash = require('../../src/utils/getHash.js'); describe('voteOnSponsorTime', () => { before(() => { 
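Review bot: In src/routes/voteOnSponsorTime.js the comment above `ableToVote` no longer matches the condition, which now also rejects users listed in `shadowBannedUsers`. I would change it to `// Only change the database if they are a VIP, or have submitted before, are not shadow banned, and this IP has not already voted on this segment under another userID`. Because `isVIP ||` short-circuits, a VIP who is also in `shadowBannedUsers` still votes; if that is intended, the comment should say so. The new test expects a 200 for a banned voter, so the response presumably stays the same as for a counted vote, and that deserves a line as well. The body of voteOnSponsorTime continues outside the hunk.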
@@ -9,6 +9,7 @@ describe('voteOnSponsorTime', () => { db.exec(startOfQuery + "('vote-testtesttest', 1, 11, 2, 'vote-uuid-0', 'testman', 0, 50, 'sponsor', 0)"); db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 2, 'vote-uuid-1', 'testman', 0, 50, 'sponsor', 0)"); db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 10, 'vote-uuid-1.5', 'testman', 0, 50, 'outro', 0)"); + db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 10, 'vote-uuid-1.6', 'testman', 0, 50, 'interaction', 0)"); db.exec(startOfQuery + "('vote-testtesttest3', 20, 33, 10, 'vote-uuid-2', 'testman', 0, 50, 'intro', 0)"); db.exec(startOfQuery + "('vote-testtesttest,test', 1, 11, 100, 'vote-uuid-3', 'testman', 0, 50, 'sponsor', 0)"); db.exec(startOfQuery + "('vote-test3', 1, 11, 2, 'vote-uuid-4', 'testman', 0, 50, 'sponsor', 0)"); @@ -18,8 +19,10 @@ describe('voteOnSponsorTime', () => { db.exec(startOfQuery + "('voter-submitter', 1, 11, 2, 'vote-uuid-8', '" + getHash("randomID") + "', 0, 50, 'sponsor', 0)"); db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-9', '" + getHash("randomID2") + "', 0, 50, 'sponsor', 0)"); db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-10', '" + getHash("randomID3") + "', 0, 50, 'sponsor', 0)"); + db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-11', '" + getHash("randomID4") + "', 0, 50, 'sponsor', 0)"); db.exec("INSERT INTO vipUsers (userID) VALUES ('" + getHash("VIPUser") + "')"); + privateDB.exec("INSERT INTO shadowBannedUsers (userID) VALUES ('" + getHash("randomID4") + "')"); }); it('Should be able to upvote a segment', (done) => { 
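Review bot: In the second fixture hunk of test/cases/voteOnSponsorTime.js, the new `vote-uuid-11` row appears to exist only so that `randomID4` passes the has-submitted check, but nothing says so. If a later cleanup removes it, the shadow-ban test would still pass, because the vote would then be rejected for the missing submission and not for the ban. A comment above the row would prevent that, for example `// randomID4 needs its own submission so the shadow ban is the only reason its vote is ignored`. The `before()` block starts outside this hunk.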
@@ -76,6 +79,24 @@ describe('voteOnSponsorTime', () => { }); }); + it("Should not be able to downvote a segment if the user is shadow banned", (done) => { + request.get(utils.getbaseURL() + + "/api/voteOnSponsorTime?userID=randomID4&UUID=vote-uuid-1.6&type=0", null, + (err, res, body) => { + if (err) done(err); + else if (res.statusCode === 200) { + let row = db.prepare('get', "SELECT votes FROM sponsorTimes WHERE UUID = ?", ["vote-uuid-1.6"]); + if (row.votes === 10) { + done() + } else { + done("Vote did not fail. Submission went from 10 votes to " + row.votes); + } + } else { + done("Status code was " + res.statusCode); + } + }); + }); + it("Should not be able to upvote a segment if the user hasn't submitted yet", (done) => { request.get(utils.getbaseURL() + "/api/voteOnSponsorTime?userID=hasNotSubmittedID&UUID=vote-uuid-1&type=1", null, From 986c9dcf5fccf8433033dc48bded8fa701e31b2e Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Sun, 26 Jul 2020 11:26:51 -0400 Subject: [PATCH 2/2] Don't show banned users on the leaderboard --- src/databases/databases.js | 5 ++++- src/routes/getTopUsers.js | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/databases/databases.js b/src/databases/databases.js index 46aa92a..1a1b448 100644 --- a/src/databases/databases.js +++ b/src/databases/databases.js @@ -32,10 +32,13 @@ if (config.mysql) { if (fs.existsSync(config.privateDBSchema)) privateDB.exec(fs.readFileSync(config.privateDBSchema).toString()); } - // Upgrade database if required if (!config.readOnly) { + // Upgrade database if required ugradeDB(db, "sponsorTimes"); ugradeDB(privateDB, "private") + + // Attach private db to main db + db.prepare("ATTACH ? as privateDB").run(config.privateDB); } // Enable WAL mode checkpoint number diff --git a/src/routes/getTopUsers.js b/src/routes/getTopUsers.js index 9931afa..2b452b6 100644 --- a/src/routes/getTopUsers.js +++ b/src/routes/getTopUsers.js 
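Review bot: The new case in test/cases/voteOnSponsorTime.js only exercises a downvote (`type=0`) by the banned user, so the upvote path through `ableToVote` is never asserted for `randomID4`. A sibling case that requests `type=1` on `vote-uuid-1.6` and asserts `row.votes === 10` would cover it. The test also checks only `sponsorTimes.votes`; whether the ignored vote is still written to the private `votes` table is not visible here and may deserve an assertion.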
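Review bot: In src/databases/databases.js the `ATTACH ? as privateDB` statement sits inside `if (!config.readOnly)`, so a read-only instance never attaches the private database. The getTopUsers.js hunk later in this patch joins `privateDB.shadowBannedUsers` unconditionally, so that query would presumably fail in read-only mode. It would also fail in the `config.mysql` branch, which is outside this hunk. Moving `db.prepare("ATTACH ? as privateDB").run(config.privateDB);` below the closing brace of the `readOnly` block would fix the first case. Attaching also makes every private table reachable from any statement run on `db`, so a comment on the ATTACH line should record that widened exposure.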
@@ -44,7 +44,9 @@ module.exports = function getTopUsers (req, res) { "SUM((sponsorTimes.endTime - sponsorTimes.startTime) / 60 * sponsorTimes.views) as minutesSaved, " + additionalFields + "IFNULL(userNames.userName, sponsorTimes.userID) as userName FROM sponsorTimes LEFT JOIN userNames ON sponsorTimes.userID=userNames.userID " + - "WHERE sponsorTimes.votes > -1 AND sponsorTimes.shadowHidden != 1 GROUP BY IFNULL(userName, sponsorTimes.userID) ORDER BY " + sortBy + " DESC LIMIT 100", []); + "LEFT JOIN privateDB.shadowBannedUsers ON sponsorTimes.userID=privateDB.shadowBannedUsers.userID " + + "WHERE sponsorTimes.votes > -1 AND sponsorTimes.shadowHidden != 1 AND privateDB.shadowBannedUsers.userID IS NULL " + + "GROUP BY IFNULL(userName, sponsorTimes.userID) ORDER BY " + sortBy + " DESC LIMIT 100", []); for (let i = 0; i < rows.length; i++) { userNames[i] = rows[i].userName;
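Review bot: In src/routes/getTopUsers.js, `sortBy` is still concatenated into the SQL text (`ORDER BY " + sortBy + " DESC`), and the statement now runs on a connection that has the private database attached. How `sortBy` is derived is outside the hunk. If it is not already chosen from a fixed set of column names, it should be, and a comment such as `// sortBy is selected from a fixed allow-list above, never taken from the request verbatim` next to the query would make that invariant explicit. The body of getTopUsers starts and ends outside the hunk.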